microsoft-ai

The Microsoft AI research division unintentionally published 38TB of critical information while posting a container of open-source training data on GitHub, according to cybersecurity company Wiz.

The exposed data included a disk backup of two employees' workstations, in which secrets, private keys, passwords, and more than 30,000 internal Microsoft Teams communications were discovered.

Wiz emphasized that because Microsoft does not offer a centralized method to manage SAS tokens within the Azure interface, it is difficult to track them.

Microsoft claimed that the data leak did not reveal customer data and that this vulnerability did not put any internal services at risk.

Source: https://securityaffairs.com/151004/data-breach/microsoft-ai-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/microsoft-ai

{
  "id": "mic33924923",
  "linkid": "microsoft-ai",
  "type": "Data Leak",
  "date": "09/2023",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': 'None',
                        'industry': 'Technology',
                        'name': 'Microsoft AI Research Division',
                        'type': 'Organization'}],
 'attack_vector': 'Accidental Data Exposure',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Secrets',
                                              'Private keys',
                                              'Passwords',
                                              'Internal Microsoft Teams '
                                              'communications']},
 'description': 'The Microsoft AI research division unintentionally published '
                '38TB of critical information while posting a container of '
                'open-source training data on GitHub.',
 'impact': {'data_compromised': ['Secrets',
                                 'Private keys',
                                 'Passwords',
                                 'Internal Microsoft Teams communications']},
 'lessons_learned': 'Difficulty in tracking SAS tokens due to lack of '
                    'centralized management in Azure interface.',
 'post_incident_analysis': {'root_causes': 'Improper data management '
                                           'practices'},
 'references': [{'source': 'Wiz'}],
 'response': {'third_party_assistance': ['Wiz']},
 'title': 'Microsoft AI Research Division Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Improper data management practices'}